Visibility and Automation for Enhanced Security
Ananda Rajagopal
VP, Product Line Management
©2015 Gigamon. All rights reserved.
Pervasive Monitoring for Pervasive Visibility
WHAT IS DRIVING THIS EMERGING NEED?
• Increasing Security Threats
• “Zero Trust” Security model: network traffic monitoring
• Distributed applications create east-west traffic patterns
• Dynamically changing traffic patterns demand better visibility
• Maintain visibility through emerging network architecture changes
• E.g. White Box, SDN, VMware NSX, Cisco ACI, OpenFlow
• Eliminate blind spots due to new encapsulations, encryption*
• E.g. VXLAN, SSL traffic
Security, Distributed Apps, SDN, New Blind Spots Driving Pervasive Monitoring
* ‘Avoid These "Dirty Dozen" Network Security Worst Practices’, Andrew Lerner and Jeremy D'Hoinne, Gartner, January 2015
Gaps in Traditional Security Model
Perimeter or Endpoint Based
Simple Trust Model
Static Environment
• Inside vs. outside
• Focus on prevention
• Trusted vs. un-trusted
• Corporate vs. personal asset
• Fixed locations, zones, perimeters
• Rule based
• Signature based
• Insider-outsider boundary dissolved
• BYOD
• Mobility of users, devices and applications
More importantly … THE VERY NATURE OF CYBER THREATS HAS CHANGED!
Anatomy of an Advanced Persistent Threat (APT)
1. Reconnaissance
2. Phishing & zero day attack
3. Back door
4. Lateral movement
5. Data gathering
6. Exfiltrate
In Many Cases the System Stays Breached After Exfiltration!
Source: RSA
Current State of Global Security
The mean number of days from initial intrusion to detection*
The average lifespan of a zero-day before it is discovered or disclosed*
of organizations had active Command & Control (C&C) communications**
of organizations in the study were breached during the test period**
*Trustwave 2014 global security report
**FireEye: Maginot revisited
What Else Has Changed That Impacts Security?
FUNDAMENTAL SHIFT IN TRAFFIC PATTERNS
[Diagram labels: Internet, Firewall, DMZ, IPS, Core Switch, Spine, Leaf, IDS, Server Farm]
No visibility into lateral propagation of threats!
What Else Has Changed That Impacts Security?
DISSOLVING BOUNDARIES BETWEEN THE EDGE AND THE DATA CENTER
[Diagram labels: Internet, Firewall, DMZ, IPS, Core Switch, Spine, Leaf, IDS, Server Farm, Virtual Desktop]
What Else Has Changed That Impacts Security?
MOBILITY
[Diagram labels: Internet, Firewall, DMZ, IPS, Core Switch, Spine, Leaf, IDS, Server Farm, Virtual Desktop]
Visibility: Catalyst for the Right Security Architecture
WHAT IS NEEDED?
• Deliver network wide view, regardless of mobility
• Take the guesswork out of where to place security tools!
• Condense large volumes of data into manageable data
• Peek into encrypted traffic
The Spaghetti of Today’s Monitoring Infrastructure
WHY HAS IT NOT BEEN DONE YET?
• Proliferation of tools
• Contention for access to traffic
• Extraordinary costs
• Inconsistent view of traffic
• Model breaks down during a network upgrade
[Diagram labels: Internet, Core Switches, Distribution Switches, Access Switches; ANTI-MALWARE, SIEM, DLP, IDS, IPS, FORENSICS, APT ANALYTICS]
Example Security Delivery Architecture
OFFERED BY GIGAMON TODAY
[Diagram labels: Leaf switch, Spine switch, Core switch; GigaVUE-VM, GigaVUE-FM; Inline Bypass, SSL Decryption, NetFlow Generation; Security Tool Rack; APM, IPS (Inline), Anti-Malware (Inline), Network Forensics, Web Analytics, SIEM, DLP, IDS, APT Detection]
Unified Visibility Fabric™
FOR PERVASIVE VISIBILITY INTO BUSINESS INFRASTRUCTURE
[Diagram labels]
• Applications & Tools Infrastructure, User Community: Third Party Applications, SDN Controller Integration, etc…
• Layers: Applications; Fabric Control (Management); Fabric Services; Traffic Intelligence; Visibility Fabric Nodes (Pervasive visibility across physical, virtual, remote sites, and future SDN/NFV production networks)
• Management and services: GigaVUE-FM, Flow Mapping®, Inline Bypass, Clustering, API
• Traffic Intelligence: Deduplication, Packet Slicing, FlowVUE™, Masking, GTP Correlation, Header Stripping, NetFlow Generation, Tunneling, SSL Decryption, Adaptive Packet Filtering
• H Series: GigaVUE-HD8, GigaVUE-HD4, GigaVUE-HB1, GigaVUE-HC2
• TA Series: GigaVUE-TA1, GigaVUE-OS on white box*
• Virtual Visibility: GigaVUE-VM
• TAPs: G-TAP, G-TAP A Series, G-TAP BiDi, Embedded TAPs
• G Series: GigaVUE-2404, GigaVUE-420, G-SECURE-0216
Advanced Traffic Intelligence Using GigaSMART
MULTIPLE APPLICATIONS CAN BE SERVICE CHAINED TOGETHER
• Service chain GigaSMART® applications
• Leverage hybrid port capability
• Create flexible service chains
[Diagram labels: Physical; Virtual (GigaVUE-VM); Flow Mapping®, Tunnel Termination, SSL Decryption, Adaptive Packet Filtering; Remote site traffic to DLP; Web Server Connect Requests to NPM / CEM; East-West traffic between virtual workloads to IDS]
Visibility Fabric: A Customer’s Journey
A Programmable Fabric to Detect, React and Respond
The Customer Journey
Stages of Customer Adoption and Maturity
Row labels: Themes, Pain Point/Value, Business Value, Gigamon Solutions, Best Practices
• Visibility Enables Consolidation & Optimization: Cost, Network & Tool Efficiency, Traffic Productivity; Visibility Fabric: Physical & Virtual Nodes; Ability to Manage Fabric Clusters
• Visibility Assures Security & Compliance: Risk Management: Compliance, Security, Privacy, Data Integrity; Visibility Platform; Ability to Tie IT Teams Together
• Visibility Delivers Insight & Action: Business Agility to Anticipate, React, and Respond; Active Visibility: Detect & Respond; Ability to Have the Platform Act as a Real-time Sensor
Value labels across the stages: CAPEX, OPEX, ASSURANCE, AGILITY
Case Study: Large Utility
DAY 1 ROI ASSURED!
[Diagram labels: NPM; Internet Routers, Core Switches, Distribution Switches, Edge Switches; $6.25M, $3.1M]
• New data center with NPM deployment
• Original Quote for NPM: $6.25M
• Rejected by Utility’s Budget Approvers
• NPM + Gigamon: $3.1M
• Results:
1. Better deployment
2. Improved 4-5 additional tools
3. Visibility Fabric architecture now in place
4. 50% savings in CAPEX
Software Defined Visibility
Programmable Fabric
The Case for a Programmable Visibility Fabric
USE CASE: SECURITY (PROVISIONING AND NOTIFICATIONS)
‘Suspicious’ Pattern
• Generate NetFlow
• Change Flow Map
• Decrypt SSL
[Diagram labels: APIs; Software Defined Data Center, Virtual Workloads; Production Network; Internet; Security Tools and Analytics; GigaVUE-FM; APIs to Provision Visibility Fabric™]
The Case for a Programmable Visibility Fabric
USE CASE – INVENTORY, ANALYTICS, PROVISIONING AND ADMINISTRATION
Customer / Partner Applications (Auto Provisioning)
• Configure Network Port
• Create / Update Flow Map
Use Case 2 (Inventory/Stats):
• Heterogeneous monitoring
• Reporting
• Capacity Planning
Use Case 3 (Ticketing/Provisioning):
• Configure network port
• Monitor new IP subnet / VLANs
• Upgrade SW image
• Get Inventory / Status
• Get Statistics
[Diagram labels: Customer Application (CMDB); Vendor APIs (Inventory, Stats); APIs; GigaVUE-FM; APIs to Provision Visibility Fabric; Production Network; Tools and Analytics; Application Performance, Network Management, Security]
The Case for a Programmable Visibility Fabric
USE CASE – PRIVATE CLOUD PROVISIONING
Use Case 4 (Private Cloud Orchestration):
1. Create new Workloads / VMs
2. Enable Virtual Visibility
• Deploy GigaVUE-VM
• Create Traffic Policies
[Diagram labels: Software Defined Data Center, Virtual Workloads; Internet; vCenter, vCenter APIs, APIs; GigaVUE-FM; APIs to Provision Visibility Fabric™; Production Network; Tools and Analytics; Application Performance, Network Management, Security]
The Programmable Fabric
AGILE VISIBILITY FABRIC
Inventory, Provisioning, Analytics, Notifications, Administration
North Bound Integration (NBI) APIs
• Inventory / Orchestration (OSS, Homegrown)
• SDN Controllers (OpenStack, NSX, ODL)
• Monitoring Tools (NPM, APM, SIEM)
GigaVUE-FM
About Gigamon
Gigamon Customers Today
A BROAD SPECTRUM OF BRAND-NAME CUSTOMERS
As of Q4 2014
Enterprise: TECHNOLOGY, INDUSTRIAL, RETAIL, FINANCE, HEALTHCARE & INSURANCE, GOVERNMENT
Service Providers: 50 of the Top 100 Global SPs
1600+ End Customers
67 of the Fortune-100
The Complete Visibility Ecosystem
INTEROPERABILITY WITH ANY TOOL AND ANY NETWORK
Why Gigamon?
PROVEN ACROSS MORE THAN 1600 CUSTOMERS INCLUDING 67 FORTUNE 100
• One architecture, One Software, One Management Platform for all visibility
• Holistic Physical + Virtual Visibility
• Zero packet loss through patented hardware filtering and asymmetric reassembly
• Clustering: Extend scale beyond a single node
• GigaSMART: Common platform for advanced traffic intelligence, service chaining
• Best De-duplication in the market: 100x better
• Only vendor with advanced visibility: SSL Decryption, Adaptive Packet Filtering, …
• High fidelity NetFlow for advanced traffic insight
• Advanced Traffic Visualization and Automation with GigaVUE-FM
• Multi-tiered security architecture vs. standalone bypass
VISIBILITY MATTERS